SQL Injection Worm infects thousands of unpatched websites

Another SQL Injection worm is on the run and it has succeeded in infecting a few thousands websites until now, making them become malware spewing websites instead.

The worm adds a few lines of codes to pages of the target website which in turn point to a corresponding page on the rogue website, through an iFrame, that will then contaminate any user who visit the pages.

At the time of writing, more than 11,000 websites were reportedly infected (i.e. their HTML pointed to the culprit website) and most of these were English speaking websites.

The Internet Storm Centre who broke the story, says that it doesn't know how the worm operates while Shadowserver provides with more hints on what happens after connecting to the rogue servers.

The malware that is reportedly downloaded appears to be multi faceted and part of a kit; Shadowserver recommends that internet users block access to the malicious domains and sites by using content filters, changing their DNS entries and blocking IP addresses.